Description

PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.

Remediation

References

CVE-2023-39525

Related Vulnerabilities

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-12171)

WordPress Plugin Social Share Icons & Social Share Buttons Security Bypass (2.4.5)

WordPress Plugin Master Slider-WordPress Responsive Touch Slider Unspecified Vulnerability (2.18.2)

Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14868)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing SQL Injection (2.0.3)

Severity

Critical

Classification

CVE-2023-39525 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Tags

Missing Update Known Vulnerabilities